Effective virus scanners

Chris Mason lists at MASONC.COM
Sun Aug 24 11:06:48 IST 2003 

Antony,
Thank you for a very complete answer, it was exactly what I need. My
requirements are not overly paranoid, I ran without a server based virus
scanner for a long time because we restrict most of the users internet
access to the mail server and intranet, we use squirrelmail for accessing
email, and almost all the users run with restricted priviledges so they
can't install a program anyway.

However, it is tempting to add f-prot as a second scanner, as I already have
it installed for file scanning.

Chris Mason
masonc at masonc.com
Yahoo IM: netconcepts_anguilla at yahoo.com
264 497-5670 Fax: 264 497-8463
www.netconcepts.ai


> -----Original Message-----
> From: MailScanner mailing list 
> [mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Antony Stone
> Sent: Sunday, August 24, 2003 4:46 AM
> To: MAILSCANNER at JISCMAIL.AC.UK
> Subject: Re: Effective virus scanners
> 
> 
> On Sunday 24 August 2003 3:57 am, Chris Mason wrote:
> 
> > From your experience how effective is the ClamAV virus database?
> 
> I think this deserves a more complete answer than I put in my 
> last posting.
> 
> I've been using ClamAV for about 9 months now, and I would 
> say it has become
> as good any other commercial A-V engine, and better than some.
> 
> The main judge of an A-V product (apart from whether it can 
> detect viruses,
> of course, which I'm taking as read in this discussion) is 
> how quickly a new
> virus has a signature available for it - simply because the 
> virus you're most
> likely to see coming in to your system is the latest one - 
> that's how they
> work.
> 
> That said, in recent weeks & months, ClamAV has kept up with 
> the commercial
> A-V vendors in releasing timely signatures for new viruses & 
> worms, often
> beating some of them on speed.
> 
> My opinion is that it's a pretty well-matched race - imagine 
> all the A-V
> vendors lined up on a starting grid, and they start running 
> when a new virus
> is seen in the wild.   The order in which they finish is 
> pretty mixed from
> one race to another, and ClamAV can hold its own and keep up 
> there with the
> leaders.
> 
> One way to judge it is that I would expect the intervals at which you
> download new signature files to be around the same as the 
> difference between
> the leading (including ClamAV) vendors releasing signatures 
> for new viruses -
> therefore there's as much of a random element inside your 
> computer as there
> is between the signature sources in terms of deciding which 
> one gets a new
> signature first.
> 
> That said, the ones who do not lead in a given race (which 
> again from time to
> time includes most of the well-known names), are sometimes 
> incredibly slow to
> produce a new signature - several days is not unknown to some 
> members of this
> list who have supplied samples to their commercial A-V vendors.
> 
> Hope this is useful for you.
> 
> Regards,
> 
> 
> Antony.
> 
> --
> 
> Programming is a Dark Art, and it will always be. The programmer is
> fighting against the two most destructive forces in the universe:
> entropy and human stupidity. They're not things you can always
> overcome with a "methodology" or on a schedule.
>  - Damian Conway, Perl God
>

More information about the MailScanner mailing list